<?php

class HttpRealmTool extends WakTool {

    /**
     * factory pattern, use this method to build instances
     * all subclasses have to implement this method
     * because of PHP object model limitations
     * @static
     * @param string $kit_id parent kit id
     * @param array $cfg configuration data, will be merged with defaults
     * @return wakTool
     */
    public static function toolFactory($kit_id,$cfg=array()) {
        return new HttpRealmTool($kit_id,$cfg);
    }

    /**
    * require http authentication, checks user/pwd again config userbase
    * @access public
    * @param bool $headers if true, sends required http headers
    * @return bool true if valid user/pwd provided
    */
    public function login($headers=false) {
        // already authenticated ?
        if ($this->authenticated)
            return true;
        // getting user / pwd
        if (!$user=$this->getUser() or !$pwd=$this->getPwd()) {
            // sending http headers
            if ($headers)
                $this->sendHeaders();
            return false;
        }
        // checking user / pwd
        if (!$this->checkUser($user,$pwd)) {
            // sending http headers
            if ($headers)
                $this->sendHeaders();
            return false;
        }
        return true;
    }

    /**
    * log users out
    */
    public function logout() {
        $this->authenticated=false;
        $this->sendHeaders();
        return true;
    }

    /**
    * return http provided user
    * @access public
    * @return string
    */
    public function getUser() {
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            return $_SERVER['PHP_AUTH_USER'];
        } else if (isset($_SERVER['REMOTE_USER'])) {
            return $_SERVER['REMOTE_USER'];
        } else {
            return null;
        }
    }

    /**
    * return http provided pwd
    * @access public
    * @return string
    */
    public function getPwd() {
        return $_SERVER['PHP_AUTH_PW'];
    }

    /**
    * sends 401 headers
    */
    public function sendHeaders() {
        $realm=$this->cfg['realm']['name'];
        header('WWW-Authenticate: Basic realm="'.$realm.'"');
        header('HTTP/1.0 401 Unauthorized');
        return true;
    }

    /**
    * checks user / pwd against config user base
    * @access public
    * @param string $user
    * @param string $pwd
    * @return bool
    */
    public function checkUser($user,$pwd) {
        $users=$this->cfg['users'];
        if (!isset($users[$user])
        or $users[$user]!=$pwd) {
            return false;
        }
        // valid user
        return true;
    }

    /**
    * @var array configuration data
    */
    protected $cfg=array(
        'realm'=>array(
            'name'=>'HTTP realm name')
        ,'users'=>array(// login => pwd
        ));

    /**
    * @var bool true if auth succeeded
    */
    private $authenticated=false;
}
